Re: [Tutor] Read protection of python files for Abaqus
Dear Sir; Thank you very much for the information. After I read your e-mail, I have started to think that our codes are not highly but moderately valuable. Therefore, I am satisfied, by using .pyc files. I am not very affraid of determined hackers from outside because they will not understand the usage of my application and a hardcopy of the codes will always be in my handbag. Best Regards Ferruh Kayhan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Langford Sent: Monday, January 14, 2008 5:33 PM To: Ferruh KAYHAN Cc: tutor@python.org Subject: Re: [Tutor] Read protection of python files for Abaqus I know there are a lot of people who are very much for code openness in all cases. I'm from a couple worlds that's not even something you'd think about doing (military software, where people die if the other side gets your code, and embedded software, where a company in china copies your design and puts you out of business), so you have to work within this sometimes. That said, many companies *vastly* overvalue their code base, especially the great balance of it, when really 4-10 modules are the only valuable parts. There are obfuscators that generally work for python and then only shipping .pyc files (as someone suggested above) helps as well. If the code really is that valuable, I doubt you're going to be able to hide it well enough a determined, an attacker with a skill level equal to many of the people on this list, couldn't extract your algorithms. I'm am not saying .NET is any more secure in that than python is either. Just introspective languages (Java too), have this issue where they're quite a bit easier to reverse engineer. Assuming its only moderately valuable, then the steps above should be enough. You may think about isolating the highly valuable algorithm in a C module then highly optimizing it and running a stripper on it. Then connect it up to your python code with SWIG. That will defeat the introspection attacks (they'll only be able to see the interface of the C module), and the high levels of optimization in the C code (which you should strip) will hide the algorithm further. Another possibility is refactoring your algorithm into a code generating utility which you don't let leave your facility. The generated code will work, but is not reverse engineerable, as its just something like a massive lookup table, or a series of decomposed functions. I've been the guy attacking code before. It all boils down to the safe/lock issue: Locks and safes aren't there to keep people out forever, every good lock and safe has an amount of time they expect to keep people out. You have to have a security guard or something else at that point to safeguard your valuables. Pick locks that are good enough, and try to remove the incentives and abilities to break in other ways. --Michael PS: I would like to point out. These other people will be able to *call* your highly proprietary code no matter what you do. So if nothing else, a determined attacker can just call your code again without understanding it. -- Michael Langford Phone: 404-386-0495 Consulting: http://www.RowdyLabs.com On 1/14/08, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sir; Thank you for your reply. Oftenly, especially in industrial companies, codes are becoming very valuable and owner of the company likes to keep that value as confidential in order to protect the company competitivness. Somr times, professionals are leaving companies and starting new jobs in competitor companies. Therefore, protecting some codes are becoming important. So in our case, we are not trying to stop anybody learning python language but we are trying to protect what we are doing with python. I hope my reply is sufficient. Regards -Original Message- From: bhaaluu [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 3:25 PM To: Ferruh KAYHAN Cc: tutor@python.org Subject: Re: [Tutor] Read protection of python files for Abaqus Greetings, On Jan 14, 2008 3:17 AM, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? Best Regards Ferruh Kayhan quote source=wikipedia?ABAQUS Abaqus is widely used in the automotive, aerospace, and industrial products industries. The package is very popular with academic and research institutions ... These software products, especially Abaqus/CAE, extensively use the open-source scripting language Python for scripting and customization. /quote Don't academics and researchers thrive on sharing information? Also, this forum is geared towards learning Python, and sharing source code is encouraged in order to obtain help. Also, many eyes can find and fix bugs in your scripts, as well as, others may find the scripts useful: ie. research can advance more quickly
[Tutor] Read protection of python files for Abaqus
Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? Best Regards Ferruh Kayhan ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Read protection of python files for Abaqus
Ferruh KAYHAN wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? You can ship .pyc files instead of .py files, that will discourage casual readers. I don't think there is anything you can do to stop a determined reader from understanding your code. Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Read protection of python files for Abaqus
Greetings, On Jan 14, 2008 3:17 AM, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? Best Regards Ferruh Kayhan quote source=wikipedia?ABAQUS Abaqus is widely used in the automotive, aerospace, and industrial products industries. The package is very popular with academic and research institutions ... These software products, especially Abaqus/CAE, extensively use the open-source scripting language Python for scripting and customization. /quote Don't academics and researchers thrive on sharing information? Also, this forum is geared towards learning Python, and sharing source code is encouraged in order to obtain help. Also, many eyes can find and fix bugs in your scripts, as well as, others may find the scripts useful: ie. research can advance more quickly. Is there a particular reason why you don't want others to see your Abaqus Python scripts? Just curious. -- b h a a l u u at g m a i l dot c o m ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Read protection of python files for Abaqus
Thank you very much for your reply. -Original Message- From: Kent Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 2:13 PM To: Ferruh KAYHAN Cc: tutor@python.org Subject: Re: [Tutor] Read protection of python files for Abaqus Ferruh KAYHAN wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? You can ship .pyc files instead of .py files, that will discourage casual readers. I don't think there is anything you can do to stop a determined reader from understanding your code. Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Read protection of python files for Abaqus
Dear Sir; Thank you for your reply. Oftenly, especially in industrial companies, codes are becoming very valuable and owner of the company likes to keep that value as confidential in order to protect the company competitivness. Somr times, professionals are leaving companies and starting new jobs in competitor companies. Therefore, protecting some codes are becoming important. So in our case, we are not trying to stop anybody learning python language but we are trying to protect what we are doing with python. I hope my reply is sufficient. Regards -Original Message- From: bhaaluu [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 3:25 PM To: Ferruh KAYHAN Cc: tutor@python.org Subject: Re: [Tutor] Read protection of python files for Abaqus Greetings, On Jan 14, 2008 3:17 AM, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? Best Regards Ferruh Kayhan quote source=wikipedia?ABAQUS Abaqus is widely used in the automotive, aerospace, and industrial products industries. The package is very popular with academic and research institutions ... These software products, especially Abaqus/CAE, extensively use the open-source scripting language Python for scripting and customization. /quote Don't academics and researchers thrive on sharing information? Also, this forum is geared towards learning Python, and sharing source code is encouraged in order to obtain help. Also, many eyes can find and fix bugs in your scripts, as well as, others may find the scripts useful: ie. research can advance more quickly. Is there a particular reason why you don't want others to see your Abaqus Python scripts? Just curious. -- b h a a l u u at g m a i l dot c o m ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Read protection of python files for Abaqus
I know there are a lot of people who are very much for code openness in all cases. I'm from a couple worlds that's not even something you'd think about doing (military software, where people die if the other side gets your code, and embedded software, where a company in china copies your design and puts you out of business), so you have to work within this sometimes. That said, many companies *vastly* overvalue their code base, especially the great balance of it, when really 4-10 modules are the only valuable parts. There are obfuscators that generally work for python and then only shipping .pyc files (as someone suggested above) helps as well. If the code really is that valuable, I doubt you're going to be able to hide it well enough a determined, an attacker with a skill level equal to many of the people on this list, couldn't extract your algorithms. I'm am not saying .NET is any more secure in that than python is either. Just introspective languages (Java too), have this issue where they're quite a bit easier to reverse engineer. Assuming its only moderately valuable, then the steps above should be enough. You may think about isolating the highly valuable algorithm in a C module then highly optimizing it and running a stripper on it. Then connect it up to your python code with SWIG. That will defeat the introspection attacks (they'll only be able to see the interface of the C module), and the high levels of optimization in the C code (which you should strip) will hide the algorithm further. Another possibility is refactoring your algorithm into a code generating utility which you don't let leave your facility. The generated code will work, but is not reverse engineerable, as its just something like a massive lookup table, or a series of decomposed functions. I've been the guy attacking code before. It all boils down to the safe/lock issue: Locks and safes aren't there to keep people out forever, every good lock and safe has an amount of time they expect to keep people out. You have to have a security guard or something else at that point to safeguard your valuables. Pick locks that are good enough, and try to remove the incentives and abilities to break in other ways. --Michael PS: I would like to point out. These other people will be able to *call* your highly proprietary code no matter what you do. So if nothing else, a determined attacker can just call your code again without understanding it. -- Michael Langford Phone: 404-386-0495 Consulting: http://www.RowdyLabs.com On 1/14/08, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sir; Thank you for your reply. Oftenly, especially in industrial companies, codes are becoming very valuable and owner of the company likes to keep that value as confidential in order to protect the company competitivness. Somr times, professionals are leaving companies and starting new jobs in competitor companies. Therefore, protecting some codes are becoming important. So in our case, we are not trying to stop anybody learning python language but we are trying to protect what we are doing with python. I hope my reply is sufficient. Regards -Original Message- From: bhaaluu [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 3:25 PM To: Ferruh KAYHAN Cc: tutor@python.org Subject: Re: [Tutor] Read protection of python files for Abaqus Greetings, On Jan 14, 2008 3:17 AM, Ferruh KAYHAN [EMAIL PROTECTED] wrote: Dear Sirs; Good morning. I do not like abaqus users will read my python file codes. How can I protect my codes from reading ans still workable by Abaqus import?? Best Regards Ferruh Kayhan quote source=wikipedia?ABAQUS Abaqus is widely used in the automotive, aerospace, and industrial products industries. The package is very popular with academic and research institutions ... These software products, especially Abaqus/CAE, extensively use the open-source scripting language Python for scripting and customization. /quote Don't academics and researchers thrive on sharing information? Also, this forum is geared towards learning Python, and sharing source code is encouraged in order to obtain help. Also, many eyes can find and fix bugs in your scripts, as well as, others may find the scripts useful: ie. research can advance more quickly. Is there a particular reason why you don't want others to see your Abaqus Python scripts? Just curious. -- b h a a l u u at g m a i l dot c o m ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
